Getting intimate with strangers ...

As post 9-11 has caused a significant rise in inconvenience when catching a plane, expect to see a significant rise in inconvenience in proving who you are. Many organisations are implementing steps to combat identity fraud. It will not be long before you will need to enter a PIN number to complete a credit card transaction. It will only be a matter of time before we will be required to have our photo displayed on our credit cards.

Banks are now issuing smart chip enabled credit cards. Don’t be surprised if you are asked the name of your favourite film in order to complete a transaction, the answer of which will be stored on your smart card. Also coming is two factor authentication where in order to complete a transaction, you will receive a code on your mobile phone via SMS that you will have to enter in conjunction with your PIN. This code will only remain valid for a few minutes.

The previous federal government under John Howard has also moved to combat identity theft with the implementation of the Anti Money Laundering (AML) legislation which all financial institutions are required to comply with. AML will monitor your transactions and flag anything out of the ordinary or suspicious. Making a transaction is about to become a lot more involved for this will be the price we will need to pay to secure our identities in the future.

So how can we minimise the risk of becoming a victim of identity fraud? Some things you can do are:

• shred or burn important documents you no longer require, including unsolicited applications for financial products. You will be surprised what can be gleaned from the recycle bin;
• minimise the amount of personal data you display on web sites.
• use a generic free email account such as yahoo or Gmail when asked to provide an email address from someone you are not sure about;
• ensure you have adequate firewall and virus protection installed on your PC;
• don’t enter personal information onto a public PC;
• don’t leave receipts behind;
• reconcile your bank accounts including your credit card. I do mine fortnightly;
• if you do need to engage in online transactions, open an account from another bank and only keep the minimum required amount to complete the transaction. Also ensure the online transaction is taking place via the secure hypertext transfer protocol (SHTTP://) connection;
• ask your bank what they are doing to protect your details. Do they have set limits on how much can be transferred? Do they ask previously entered personal question of which only you would know (for example, what was the name of your first pet) before transfers to other accounts or online change of details can take place; and
• banks will never ask you to provide passwords or other sensitive information via emails or letters. This is known as phishing. Just delete them. If you are unsure of an email, don’t open it just delete it. If it is genuine, the sender will find away to contact you.

Identity management is one of the biggest issues we face today. How do you confirm a person’s identity easily?

Current indications are that the process of identification will only become more involved. Current legislation requires you to pass the 100-point test when opening a bank account.

This is usually done by presenting your passport (70 points) and a driver’s license (40 points). There is also a push to extend the 100-point check to obtaining other items such as a SIM card for a mobile phone. However, it already seems that the 100-point check is faltering in the current technological environment. Three or four pieces of documents should now be required. This can be achieved by lowering the values of acceptable documentation required for the 100-point test. For example, make a passport worth 50 points, a drivers licence 30 points, which would require another form of identification such as a birth certificate.

One possible way to ensure identity without having to present documentation is via personal verification. My parents know who I am, my next-door neighbour knows who I am, my boss knows who I am and so do many more. If there was a way to store these relationships and authenticate them, you could have a trusted relationship network that others can tap into to gauge your identity risk.

One possible way is via public/private key encryption where only you know your private key, but others know your public key. By building on your network of relationships where you distribute your public key to those you know and they provide you theirs, then by cross referencing these public/private keys, you can authenticate your relationship network and an identity rating can be established. The higher the rating, the trustworthier the identity is.

However, the best way to protect your identity is through vigilance. And finally, remember the golden rule, if it sounds too good to be true, it probably is.